@jshensh
Created March 11, 2021 09:48
Issuing a client certificate with PHP
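<?php
// Issue a client certificate signed by a local CA and send it as a zip download.
// Expects openssl.cnf, CA/cacert.pem and CA/private/cakey.pem under the working directory.
$base    = getcwd();
$config  = $base . '/openssl.cnf';
$caCert  = 'file://' . $base . '/CA/cacert.pem';
$caKey   = 'file://' . $base . '/CA/private/cakey.pem';
$zipPath = $base . '/cert.zip';

// Subject of the client certificate.
$dn = array(
    "countryName" => "CN",
    "stateOrProvinceName" => "Shanghai",
    "localityName" => "Shanghai",
    "organizationName" => "O",
    "organizationalUnitName" => "OU",
    "commonName" => "Guest",
    "emailAddress" => "guest@example.com"
);

// Generate the client's 2048-bit RSA key pair.
$privkey = openssl_pkey_new(array(
    "private_key_bits" => 2048,
    "private_key_type" => OPENSSL_KEYTYPE_RSA,
    'config' => $config
));
if ($privkey === false) {
    throw new \Exception('Key generation failed: ' . openssl_error_string());
}

// Build the CSR; openssl_csr_new() returns a bool instead of a CSR when it fails.
$csr = openssl_csr_new($dn, $privkey, ['digest_alg' => 'sha256', 'config' => $config]);
if (is_bool($csr)) {
    throw new \Exception('CSR creation failed: ' . openssl_error_string());
}

// Sign the CSR with the CA key: valid for 365 days, serial number 1000.
// The serial is fixed here; a CA must give every certificate it issues a unique serial.
$x509 = openssl_csr_sign($csr, $caCert, $caKey, 365, ['digest_alg' => 'sha256', 'config' => $config], 1000);
if ($x509 === false) {
    throw new \Exception('Signing failed: ' . openssl_error_string());
}

$cacert = file_get_contents($base . '/CA/cacert.pem');
if ($cacert === false) {
    throw new \Exception('Cannot read CA certificate');
}

// Export certificate, private key (unencrypted PEM) and a PKCS#12 bundle with an empty password.
if (!openssl_x509_export($x509, $certout)
    || !openssl_pkey_export($privkey, $pkeyout, null, ['config' => $config])
    || !openssl_pkcs12_export($x509, $pkcs12, $pkeyout, '', ['extracerts' => [$cacert]])) {
    throw new \Exception('Error: ' . openssl_error_string());
}

// Pack everything into a zip; OVERWRITE discards a stale cert.zip left by an earlier failed run.
$zip = new ZipArchive;
$res = $zip->open($zipPath, ZipArchive::CREATE | ZipArchive::OVERWRITE);
if ($res === TRUE) {
    $zip->addFromString('client.crt', "{$certout}{$cacert}");
    $zip->addFromString('client.key', $pkeyout);
    $zip->addFromString('all.pem', "{$certout}{$cacert}{$pkeyout}");
    $zip->addFromString('client.p12', $pkcs12);
    $zip->close();
} else {
    throw new \Exception('Zip error');
}

// Send the archive, then delete it: it contains the unencrypted private key.
header('Content-type: application/x-zip-compressed');
header('Content-Disposition: attachment; filename="cert.zip"');
readfile($zipPath);
unlink($zipPath);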
jshensh commented Mar 11, 2021

You need to issue the CA certificate first: create_ca_cert.sh